diff options
| author | Supreeth Venkatesh <supreeth.venkatesh@arm.com> | 2017-01-20 19:25:42 +0000 |
|---|---|---|
| committer | Leif Lindholm <leif.lindholm@linaro.org> | 2017-01-23 12:42:39 +0000 |
| commit | 12e8e46a138bd8e3b99a5ac7b1a7922f06500743 (patch) | |
| tree | 3375977a18b00f72686f0d4de86dbe1ffa55defd | |
| parent | 7b03728c501f92a6e386c3c83b3583a46af89b6b (diff) | |
MM: Initial Changes to support MM in secure and normal world.HEADarmlt-20170424-001armlt-20170412-001armlt-17.04master
Changes to support building MM images in secure and normal worlds on FVP-
AEMv8-AEMv8.
Management Mode (MM) provides a secure execution environment on Server
and Clamshell platforms. It is specified in the Volume 4. PI
specification. An implementation exists in the EDK2-Staging code base.
In order to support MM on ARM, changes are required to both EDK2 and ARM
Trusted Firmware.
MM provides a management service rather than a security service. Hence
it has to be isolated from any software stack e.g. Trusted OS that
provides security services.
The MM Image executes in S-EL0 on ARM platforms in a sandboxed environment.
In future, there might be other sandboxed environments that co-exist with it.
Each sandbox implements a Secure Firmware Service.
The corresponding image is called
a SFS_PAYLOAD.
This change adds an optional parameter ATF_SFS_PAYLOAD.
ATF_SFS_PAYLOAD will be the path to management service in fd format
(EDK2 Firmware Device).
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
Reviewed-by: Achin Gupta <achin.gupta@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
| -rwxr-xr-x | atf-build.sh | 14 | ||||
| -rw-r--r-- | platforms.config | 22 |
2 files changed, 34 insertions, 2 deletions
diff --git a/atf-build.sh b/atf-build.sh index 0c4c09c..4d6afa0 100755 --- a/atf-build.sh +++ b/atf-build.sh @@ -60,12 +60,14 @@ function build_platform PLATFORM_ARCH="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o arch`" PLATFORM_IMAGE_DIR="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o uefi_image_dir`" PLATFORM_BUILDFLAGS="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_buildflags`" + PLATFORM_SFS_PAYLOAD="`$TOOLS_DIR/parse-platforms.py $PLATFORM_CONFIG -p $1 get -o atf_sfs_payload`" if [ $VERBOSE -eq 1 ]; then echo "PLATFORM_NAME=$PLATFORM_NAME" echo "PLATFORM_ARCH=$PLATFORM_ARCH" echo "PLATFORM_IMAGE_DIR=$PLATFORM_IMAGE_DIR" echo "PLATFORM_BUILDFLAGS=$PLATFORM_BUILDFLAGS" + echo "PLATFORM_SFS_PAYLOAD=$PLATFORM_SFS_PAYLOAD" fi unset BL30 BL31 BL32 BL33 @@ -118,6 +120,14 @@ function build_platform fi fi + if [ X"$PLATFORM_SFS_PAYLOAD" != X"" ]; then + # + # Since SFS cannot be exported or undefined, + # we parametrise it here + # + SFS_OPTION="SFS_PAYLOAD=$EDK2_DIR/$PLATFORM_SFS_PAYLOAD" + fi + # # Debug extraction handling # @@ -157,9 +167,9 @@ function build_platform # if [ $VERBOSE -eq 1 ]; then echo "Calling ARM Trusted Firmware build:" - echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip" + echo "CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION $SFS_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip" fi - CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip + CROSS_COMPILE="$CROSS_COMPILE" make -j$NUM_THREADS PLAT="$ATF_PLATFORM" $SPD_OPTION $SFS_OPTION DEBUG=$DEBUG ${PLATFORM_BUILDFLAGS} all fip if [ $? -eq 0 ]; then # # Copy resulting images to UEFI image dir diff --git a/platforms.config b/platforms.config index ebf81df..dc1ee21 100644 --- a/platforms.config +++ b/platforms.config @@ -51,6 +51,8 @@ # - BUILDFLAGS Any special flags you want to pass to the build command. # - ATF_BUILDFLAGS Any special flags you want to pass to the ARM Trusted # Firmware build command. +# - ATF_SFS_PAYLOAD Any special secure firmware service payload you want +# to pass to the ARM trusted Firmware build command. # - TOS_BUILDFLAGS Any special flags you want to pass to the Trusted OS # build command. # - EXTRA_FILES Any additional files to be copied to output dir. @@ -90,6 +92,26 @@ BUILD_ATF=yes UEFI_BIN=FVP_AARCH64_EFI.fd UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64 +# ARM FVP BASE AEMv8-A model +[fvp_mm_standalone] +LONGNAME=FVP Base for MM Standalone image in secure world +DSC=StandaloneSmmPkg/StandaloneSmmPkg.dsc +ARCH=AARCH64 +UEFI_BIN=FVP_AARCH64_EFI_MM_STANDALONE.fd +UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-MM-Standalone + +[fvp_mm_normal] +LONGNAME=FVP Base for UEFI image with MM support in normal world" +DSC=OpenPlatformPkg/Platforms/ARM/VExpress/ArmVExpress-FVP-AArch64.dsc +BUILDFLAGS=-D EDK2_OUT_DIR=Build/ArmVExpress-FVP-AArch64-MM-Normal -D EDK2_ENABLE_SMSC_91X=1 -D ARM_STANDALONE_MM_ENABLE=TRUE +ARCH=AARCH64 +BUILD_ATF=debug +UEFI_BIN=FVP_AARCH64_EFI.fd +UEFI_IMAGE_DIR=ArmVExpress-FVP-AArch64-MM-Normal +ATF_PLATFORM=fvp +ATF_SFS_PAYLOAD=Build/StandaloneSmmPkg/DEBUG_GCC49/FV/STANDALONESMM.fd +ATF_BUILDFLAGS=ARM_TSP_RAM_LOCATION=dram SFSD=mmd + [tc2] LONGNAME=Versatile Express TC2 BUILDFLAGS=-D ARM_BIGLITTLE_TC2=1 |